By
The Associated Press
SEATTLE - Microsoft Corp. warned customers that its Internet Explorer Web browser has a security flaw that could allow hackers to run programs on another user's computer.
The glitch causes Internet Explorer to automatically open specially coded attachments in e-mail without warning, possibly unleashing programs that could do anything from sending users a harmless message to deleting files from their computers, the Redmond-based software company warned late Thursday.
Microsoft has developed a patch that can be downloaded from the company's Web site.
Internet Explorer versions 5.01 and 5.5 are affected.
Scott Culp, Microsoft's security program manager, said Friday the flaw is contained in "a few" out of several hundred Multipurpose Internet Mail Extensions, or MIMEs, which are used to encode files as e-mail attachments.
Culp said the problem is a typical software error and was discovered before any viruses could be spread.
"That's the best situation we can hope for, short of perfect software," he said.
Microsoft also was working to install checks for the glitch on virus scanners for corporate customers, he said.
The Redmond-based software giant was notified of the flaw by a security researcher in Spain who had found previous security gaps in Microsoft's Internet Explorer and Netscape Navigator.
Chris Rouland, director of the Atlanta-based Internet Security Systems' X-Force, called the glitch a "theoretical vulnerability."
"This is an example of the fact we see individuals and hackers are always looking for flaws and bugs," he said.
